部署Kubernetes-dashboard(三)

最新推荐文章于 2024-04-29 17:47:51 发布
最新推荐文章于 2024-04-29 17:47:51 发布
阅读量844 收藏 3
点赞数
分类专栏: kubernetes docker 文章标签: dashboard kubernetes k8s ingress docker
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/lmh_115305411/article/details/115298616
版权

部署Kubernetes-dashboard(三)

目录

部署Kubernetes-dashboard(三)

一、下载

二、安装

三、安装dashboard

四、获取dashboard token

一、下载

源码地址:https://github.com/kubernetes/dashboard

下载yaml文件:https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

替换recommended.yaml地址:

原地址加速地址
kubernetesui/metrics-scraper:v1.0.4registry.cn-shanghai.aliyuncs.com/dockerio_containers/kubernetesui-metrics-scraper:v1.0.4
kubernetesui/dashboard:v2.0.3registry.cn-shanghai.aliyuncs.com/dockerio_containers/kubernetesui-dashboard:v2.0.3

二、安装

[root@k8s-master kubernetes]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

查看否部署成功

[root@k8s-master kubernetes]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-744cb4588f-nbp54   1/1     Running   0          44s
kubernetes-dashboard-744c46974-64669         1/1     Running   0          44s

 

继续为dashboard添加用户,以下内容保存为admin-user.yaml

# 创建admin-user.yaml
[root@k8s-master kubernetes]# touch admin-user.yaml
# vim admin-user.yaml
=================================================
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
 
---
 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
==================================================
# 应用
[root@k8s-master kubernetes]# kubectl apply -f admin-user.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

部署成功了,但是不知道怎么访问,别急,我们可以通过部署ingress-nginx进行访问 复制部署文件:ingress-nginx.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
 
---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ''
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ''
    resources:
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ''
    resources:
      - configmaps
      - pods
      - secrets
      - endpoints
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - services
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - networking.k8s.io   # k8s 1.14+
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - configmaps
    resourceNames:
      - ingress-controller-leader-nginx
    verbs:
      - get
      - update
  - apiGroups:
      - ''
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ''
    resources:
      - endpoints
    verbs:
      - create
      - get
      - update
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - create
      - patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  type: ClusterIP
  ports:
    - name: https-webhook
      port: 443
      targetPort: webhook
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  externalTrafficPolicy: Local
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: controller
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/component: controller
  revisionHistoryLimit: 10
  minReadySeconds: 0
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      dnsPolicy: ClusterFirst
      containers:
        - name: controller
          image: registry.cn-shanghai.aliyuncs.com/quayio_containers/nginx-ingress-controller:0.33.0
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
          args:
            - /nginx-ingress-controller
            - --election-id=ingress-controller-leader
            - --ingress-class=nginx
            - --configmap=ingress-nginx/ingress-nginx-controller
            - --validating-webhook=:8443
            - --validating-webhook-certificate=/usr/local/certificates/cert
            - --validating-webhook-key=/usr/local/certificates/key
          securityContext:
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            runAsUser: 101
            allowPrivilegeEscalation: true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
            - name: webhook
              containerPort: 8443
              protocol: TCP
          volumeMounts:
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 90Mi
      serviceAccountName: ingress-nginx
      hostNetwork: true
      terminationGracePeriodSeconds: 300
      volumes:
        - name: webhook-cert
          secret:
            secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  name: ingress-nginx-admission
  namespace: ingress-nginx
webhooks:
  - name: validate.nginx.ingress.kubernetes.io
    rules:
      - apiGroups:
          - extensions
          - networking.k8s.io
        apiVersions:
          - v1beta1
        operations:
          - CREATE
          - UPDATE
        resources:
          - ingresses
    failurePolicy: Fail
    sideEffects: None
    admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      service:
        namespace: ingress-nginx
        name: ingress-nginx-controller-admission
        path: /extensions/v1beta1/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-create
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
spec:
  template:
    metadata:
      name: ingress-nginx-admission-create
      labels:
        helm.sh/chart: ingress-nginx-2.11.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.34.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: create
          image: registry.cn-shanghai.aliyuncs.com/dockerio_containers/jettech-kube-webhook-certgen:v1.2.2
          imagePullPolicy: IfNotPresent
          args:
            - create
            - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc
            - --namespace=ingress-nginx
            - --secret-name=ingress-nginx-admission
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: ingress-nginx-admission-patch
  annotations:
    helm.sh/hook: post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
spec:
  template:
    metadata:
      name: ingress-nginx-admission-patch
      labels:
        helm.sh/chart: ingress-nginx-2.11.0
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 0.34.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      containers:
        - name: patch
          image: registry.cn-shanghai.aliyuncs.com/dockerio_containers/jettech-kube-webhook-certgen:v1.2.2
          imagePullPolicy: IfNotPresent
          args:
            - patch
            - --webhook-name=ingress-nginx-admission
            - --namespace=ingress-nginx
            - --patch-mutating=false
            - --secret-name=ingress-nginx-admission
            - --patch-failure-policy=Fail
      restartPolicy: OnFailure
      serviceAccountName: ingress-nginx-admission
      securityContext:
        runAsNonRoot: true
        runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
rules:
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - get
      - create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
  - kind: ServiceAccount
    name: ingress-nginx-admission
    namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ingress-nginx-admission
  annotations:
    helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
  labels:
    helm.sh/chart: ingress-nginx-2.11.0
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/version: 0.34.0
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/component: admission-webhook
  namespace: ingress-nginx

部署

[root@k8s-master kubernetes]# kubectl apply -f ingress-nginx.yaml
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission created

检查nginx ingress是否正常运行

[root@k8s-master kubernetes]# kubectl get pods -n ingress-nginx -o wide
NAME                                        READY   STATUS    RESTARTS   AGE   IP       NODE     NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-5z5ft        0/1     Pending   0          44s   <none>   <none>   <none>           <none>
ingress-nginx-admission-patch-h88dr         0/1     Pending   0          44s   <none>   <none>   <none>           <none>
ingress-nginx-controller-585d9b858f-c6qld   0/1     Pending   0          54s   <none>   <none>   <none>           <none>

都是pending 没有正常运行

一顿操作猛如虎好了

[root@k8s-master kubernetes]# kubectl get pods -n ingress-nginx -o wide
NAME                                        READY   STATUS      RESTARTS   AGE   IP              NODE         NOMINATED NODE   READINESS GATES
ingress-nginx-admission-create-mxt4v        0/1     Completed   0          40m   10.244.1.2      k8s-node-1   <none>           <none>
ingress-nginx-admission-patch-rbmx6         0/1     Completed   2          40m   10.244.1.3      k8s-node-1   <none>           <none>
ingress-nginx-controller-585d9b858f-fjpbm   1/1     Running     0          40m   172.19.12.166   k8s-node-1   <none>           <none>

k8s-node-1节点上:

[root@k8s-node-1 kubernetes]# yum -y install net-tools

...

[root@k8s-node-1 kubernetes]# netstat -tnlp|grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      21402/nginx: master 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      980/sshd            
tcp6       0      0 :::80                   :::*                    LISTEN      21402/nginx: master 
tcp6       0      0 :::22                   :::*                    LISTEN      980/sshd 

[root@k8s-node-1 kubernetes]# netstat -tnlp|grep 443|grep nginx
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      21402/nginx: master 
tcp6       0      0 :::8443                 :::*                    LISTEN      21379/nginx-ingress 
tcp6       0      0 :::443                  :::*                    LISTEN      21402/nginx: master

可以通过浏览器直接输入k8s-node-1 ip地址进行访问:http://172.19.12.166 ,显示nginx 404 not found说明nginx正常运行。

三、安装dashboard

我们接下来为dashboard services添加ingress 访问。

以下内容保存为dashboard-ingress.yaml文件:


apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.org/ssl-backends: "kubernetes-dashboard"
    kubernetes.io/ingress.allow-http: "false"
  name: dashboard-ingress
  namespace: kubernetes-dashboard
spec:
  tls:
  - hosts:
    - {dashboard.k8s.xxx.com}
    secretName: {admin-user-token-bp85k}
  rules:
  - host: {dashboard.k8s.xxx.com}
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

其中 dashboard.k8s.xxx.com 域名大家可以随便命名,但是要添加在自己的电脑hosts里面。把它映射到192.168.1.102即可。

其中 secretName可以通过一下命令进行查看:

[root@k8s-master kubernetes]# kubectl apply -f ./dashboard-ingress.yaml 
ingress.extensions/dashboard-ingress created

验证:

# kubectl get ing -n kubernetes-dashboard

[root@k8s-master kubernetes]# kubectl get ing -n kubernetes-dashboard
NAME                CLASS    HOSTS                        ADDRESS         PORTS     AGE
dashboard-ingress   <none>   dashboard.k8s.gstanzer.com   172.19.12.166   80, 443   3m1s

四、获取dashboard token

[root@k8s-master ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-74bpw
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 38d9cf40-e541-4359-b56a-14359a651b47

Type:  kubernetes.io/service-account-token

Data
====
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InFxOHNTOUo0LWtSNGpKNmNrWWNZanB1Z2JkcDdraThvNExDbW11NDBXblEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTc0YnB3Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIzOGQ5Y2Y0MC1lNTQxLTQzNTktYjU2YS0xNDM1OWE2NTFiNDciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.QghOX6ljgIoUbTZaa1ypbSHqxEIOcIL56TOTcVwGt2fERni_1S7u2I7fHu9joE92qPUGN5qrw9AQkV4dSmqO_TGcVbU6j2GQzdKFRSGu3pJH6ZmBYl4lVq4tmN6un6Zij0aI5CYYZzj45olLWOlg-lK91yH6SEwGsKrQuavqhrln_iB2HN41VlKjaW07TtOJs5CHUsUHVbaPH2tuwJyDJ9eMf1KdhQbjfDRxOWHI_DxT0muoRlXkShUGoLOmfRowwYyywsRdpYIqd6hX0zBunjHaghrShpRP76YuMEccb3EZ1PLsF_H667z0w1bOBOEPh7QgEnAMs4CRjjn3_A9qrg
ca.crt:     1025 bytes
# kubeadm token list

[root@k8s-master kubernetes]# kubectl get secret -n=kube-system
NAME                                             TYPE                                  DATA   AGE
attachdetach-controller-token-qjntr              kubernetes.io/service-account-token   3      16h
bootstrap-signer-token-pkbhg                     kubernetes.io/service-account-token   3      16h
bootstrap-token-vcu3z1                           bootstrap.kubernetes.io/token         7      16h
certificate-controller-token-2lkl8               kubernetes.io/service-account-token   3      16h
clusterrole-aggregation-controller-token-6q7gr   kubernetes.io/service-account-token   3      16h
coredns-token-f6th7                              kubernetes.io/service-account-token   3      16h
cronjob-controller-token-jlhmg                   kubernetes.io/service-account-token   3      16h
daemon-set-controller-token-9zhxf                kubernetes.io/service-account-token   3      16h
default-token-nwchs                              kubernetes.io/service-account-token   3      16h
deployment-controller-token-xj4p2                kubernetes.io/service-account-token   3      16h
disruption-controller-token-5tr6d                kubernetes.io/service-account-token   3      16h
endpoint-controller-token-j7lfp                  kubernetes.io/service-account-token   3      16h
endpointslice-controller-token-z9m85             kubernetes.io/service-account-token   3      16h
expand-controller-token-tn895                    kubernetes.io/service-account-token   3      16h
flannel-token-qwsnz                              kubernetes.io/service-account-token   3      15h
generic-garbage-collector-token-qqhrx            kubernetes.io/service-account-token   3      16h
horizontal-pod-autoscaler-token-pv8f2            kubernetes.io/service-account-token   3      16h
job-controller-token-r5n9h                       kubernetes.io/service-account-token   3      16h
kube-proxy-token-vfsp7                           kubernetes.io/service-account-token   3      16h
namespace-controller-token-nkvsk                 kubernetes.io/service-account-token   3      16h
node-controller-token-v4jth                      kubernetes.io/service-account-token   3      16h
persistent-volume-binder-token-mvglk             kubernetes.io/service-account-token   3      16h
pod-garbage-collector-token-zkw22                kubernetes.io/service-account-token   3      16h
pv-protection-controller-token-k6msr             kubernetes.io/service-account-token   3      16h
pvc-protection-controller-token-bn56s            kubernetes.io/service-account-token   3      16h
replicaset-controller-token-wbzv5                kubernetes.io/service-account-token   3      16h
replication-controller-token-c4r64               kubernetes.io/service-account-token   3      16h
resourcequota-controller-token-xlhzc             kubernetes.io/service-account-token   3      16h
service-account-controller-token-h69hb           kubernetes.io/service-account-token   3      16h
service-controller-token-ccz8d                   kubernetes.io/service-account-token   3      16h
statefulset-controller-token-t6lqw               kubernetes.io/service-account-token   3      16h
token-cleaner-token-k4kjs                        kubernetes.io/service-account-token   3      16h
ttl-controller-token-r4j4w                       kubernetes.io/service-account-token   3      16h


## 找到 default-token-xxxx

[root@k8s-master kubernetes]# kubectl describe secret -n=kube-system default-token-nwchs 
Name:         default-token-nwchs
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: default
              kubernetes.io/service-account.uid: bd8e1f72-34f6-4562-803e-7fee749018ab

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InFxOHNTOUo0LWtSNGpKNmNrWWNZanB1Z2JkcDdraThvNExDbW11NDBXblEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLW53Y2hzIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiZDhlMWY3Mi0zNGY2LTQ1NjItODAzZS03ZmVlNzQ5MDE4YWIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.ldliSTKndtSTKuVlfnxY4qICdwAKP3N0mLECxL-Qc-46VXKNKtexojAFg-Z0eCPzKRnWe0RbawdyleCPXpHZA_bX7rTp4WTOIxwfxkA1yQa5eRbGQ-y0TR_B9HzL0_bn6-_V5sI-tLOcxfDortimWg4LWeASoD9YIrtsSuumlPIOsPDqmsMdY6brHrnEZPdzOX0mIFAmMm4_aGzZCVKpUsBlc6a7Er5hjCUrGrFrbkOXnhLMFRbxxhMJ4z_DvoCIHL0wgicIUdaF6Y87HfOX7QLx1aS65KSUlmvuU1ldpq_PxfrBY53WmlSua1e1BtZ8E12OK9YV6ngNUDlaC4sXbQ

 

上一篇:Kubeadm安装Kubernetes集群(二)

下一篇:Kubernetes Dashboard 设置用户(四)

主公不搬砖
关注
  • 0
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
Liberty nova-api load app过程跟踪
RingoShen的博客
05-06 2891
之前的文章中已经分析了nova-api的整体启动流程,但是其中一些重要的细节并没有深入看,今天这篇文章主要看一下nova-api中的loadapp的过程。
使用Windbg解析dump文件
热门推荐
沧海一粟的专栏
12-28 7万+
第一章 常用的Windbg指令 ①!analyze -v  ②kP                            可以看函数的入参 ③!for_each_frame dv /t         可以看函数中的局部变量 ④dc                            产看某一内存中的值    可以直接接变量名 不过可能需要回溯栈 ⑤!threads
Kubernetes - Dashboard 配置用户名密码方式登录
物似人非 情有何堪
04-29 696
为了 K8s 集群安全,默认情况下 Dashboard 以 Token的形式登录的,那如果我们想以用户名/密码的方式登录该怎么操作呢?其实只需要我们创建用户并进行 ClusterRoleBinding绑定即可,接下来是具体的操作流程。 K8sdashboard默认是通过Token去登录的,有时候也会不太方便,我们也可以通过账号密码的形式去登录dashboard,不过账号密码登录dashboard的方式仅在K8s v1.19以前的版本支持。
Redis:黑马点评项目之用户短信登录
m0_49569564的博客
03-23 1万+
一、表结构 建表sql语句: /* Navicat Premium Data Transfer Source Server : local Source Server Type : MySQL Source Server Version : 50622 Source Host : localhost:3306 Source Schema : hmdp Target Server Type : MySQL Target Se
淘宝/天猫关键词搜索采集接口分析商品价格走势(商品列表,商品销量,商品价格,分类ID采集精准商品数据)接口代码对接流程
weixin_19970108018的博客
08-26 537
淘宝关键词搜索商品数据接口,淘宝关键词搜索商品价格接口,淘宝关键词搜索商品列表接口,淘宝关键词搜索api接口,淘宝关键词搜索商品销量接口,淘宝分类ID搜索商品接口,天猫商品分类ID接口,天猫关键词搜索商品数据接口,天猫关键词搜索商品价格接口,天猫关键词搜索商品列表接口,天猫关键词搜索api接口,天猫关键词搜索商品销量接口,天猫分类ID搜索商品接口,天猫商品详情采集接口,天猫关键词搜索商品接口,天猫关键词搜索列表接口...
ACPYPE中FAILED: [Errno 2] No such file or directory: 'FFF_AC.prmtop'的解决方法
小木的博客
04-17 1万+
大家如果在github上面下载ACPYPE (https://github.com/t-/acpype),放入到LINUX上面安装后,百分百报错,出现的问题如下: [root@pdynamo test]# ../acpype.py -i FFF.pdb ========================================================================...
kubernetes-dashboard-amd64-v1.8.3镜像包
05-13
kubernetes-dashboard-amd64-v1.8.3镜像包,由于国外镜像无法下载,可以用这个包load到本地镜像,再上传到你的私有仓库,实现离线部署安装dashboard。解压后有操作命令
kubernetes-dashboard.yaml
06-28
Dashboard 是基于网页的 Kubernetes 用户界面,可以使用 Dashboard 将容器应用部署Kubernetes 集群中
kubernetes-dashboard-amd64-zh
05-27
使用于部署kubernetes控制web界面
kubernetes-dashboard
最新发布
05-29
k8s平台界面部署,yaml文件,kubernetes集群管理平台
【无标题】
weixin_44782100的博客
12-14 3万+
data:video/quicktime;base64,AAAAFGZ0eXBxdCAgAAAAAHF0ICAAAAAId2lkZQAGlrNtZGF0ANAABwD6Fy4ocRBRPiZd074MHd0MFypsSz7xD38Ig92TTE4RyGI5mQ7N0qgN7kzPkM3LJ2MgTxDycO4TyNYnAhSuz6bYxSE2d3bxw1iSCbYhN6bqQQiCJrcQHUIU0eydv/V7HBvDUsPUX/GD3CH4a53GkAVrqVEn+D7+OA8hMzcBth46lNJr
阿里云服务器怎么正确使用OSS内网地址?
jisuyunzzc的博客
06-24 2万+
阿里云服务器怎么正确使用OSS内网地址? 阿里云对象存储提供内外网访问。正确使用OSS内网地址一方面可以使用同区域OSS到阿里云服务器流量之间的免费流量,另一方面阿里云服务器通过内网访问OSS的网络质量较好,能够有效的提升应用的上传和下载质量。 OSS的每一个Bucket都属于一个特定区域,每个特定区域都提供唯一的内外网地址。特定地区的Bucket内网地址只允许同地区的阿里云服务器访问,但外网地址没有地区限制。 OSS各区域的外网、内网地址如下: 青岛(华北 1)节点外网地址: oss-cn-qingda
阿里云Docker Registry 操作指南
Spring Boot-Common On With You
12-07 1万+
《将本地Docker镜像发布到私有或共有库》 前言 本篇文章将带领读者,完成远程阿里云Docker Registry 操作指南。 将本地 docker 镜像拉取/推送到远程仓库 1、登录阿里云Docker Registry sudo docker login --username=[个人用户名]...
阿里云OSS视频上传,踩过的坑
jinchunzhao的博客
05-23 1万+
错误一: js报错: aliyun-oss-sdk.min.js:10 OPTIONS http://tyzkj.oss-cn-shenzhen.aliyuncs.com/tyzkj/2019-05-23/20190523100040.mp4?uploads= 403 (Forbidden) addVideo:1 Access to fetch at 'http://tyzkj.oss-c...
docker配置阿里云镜像加速
qq_42180416的博客
08-18 343
docker配置阿里云镜像加速 访问阿里云 https://www.aliyun.com/ 登入阿里云,可用淘宝或支付宝扫描登入 点击控制台 搜索容器镜像服务,查看镜像工具-镜像加速器(根据自己的系统选择) 针对安装了Docker for Mac的用户,您可以参考以下配置步骤:在任务栏点击 Docker Desktop 应用图标 -> Perferences,在左侧导航菜单选择 Docker Engine,将加速地址填写,点击 Apply & Restart按钮 成功后
docker使用阿里云镜像仓库
aiduo1030的博客
03-16 1289
1:阿里云docker仓库https://dev.aliyun.com/search.html 2:进去注册帐号后,点击自己的管理中心。 3:在管理中心点击加速器,右边面板会有你的加速地址,右边面板下面有详细设置步骤。以下代码用于检测你有没有开启加速器 sudo ps -ef | grep root 17825 1 0 16:50 ? 00...
学习笔记十二:安装k8s可视化UI界面dashboard
weixin_43258559的博客
03-29 2040
port是集群内的pod互相通信用的端口类型,比如nginx访问mysql,而mysql是不需要让客户访问到的,port是service的的端口。在google浏览器中,在上图出现的页面任意位置,直接键盘敲入这11个字符:thisisunsafe,可以直接跳过安全报错进入页面。注:表单中创建pod时没有创建nodeport的选项,会自动创建在30000+以上的端口。nodeport是集群外流量访问集群内服务的端口,比如客户访问nginx,apache,打开kubernetesdashboard界面。
Kubernetes部署篇】K8s图形化管理工具Dasboard部署及使用
秦子腾
04-24 5万+
Kubernetes Dashboard是一个Web UI,用于管理Kubernetes集群中的应用程序和资源。它提供了一个可视化的界面,可以方便地查看和管理Kubernetes集群中的各种资源,如Pod、Deployment、Service、ConfigMap等。Dashboard还提供了一些高级功能,如日志查看、资源监控、命名空间管理等。官方GitHub官方下载地址网盘下载地址。
自动化运维之k8s——kubernetes资源监控、容器资源限制、HPA、Helm(未完待续)
Zhaohui_Zhang的博客
03-10 3474
一、k8s容器资源限制 Kubernetes采用request和limit两种限制类型来对资源进行分配。 request(资源需求):即运行Pod的节点必须满足运行Pod的最基本需求才能运行Pod。 limit(资源限额):即运行Pod期间,可能内存使用量会增加,那最多能使用多少内存,这就是资源限额。 资源类型: CPU 的单位是核心数,内存的单位是字节。 一个容器申请0.5个CPU,就相当于申请1个CPU的一半,你也可以加个后...
kubernetes-dashboard 部署
06-08
以下是部署 Kubernetes Dashboard 的步骤: 1. 下载 Kubernetes Dashboard YAML 文件: ```bash curl -LO https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml ``` 2. ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

主公不搬砖

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值